Hackers love a bad transition

Cybersecurity was in the balance before President Trump tweeted the dismissal of Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency. Now it is in peril.

During the presidential transition, the “lame duck” administration traditionally gives the incoming administration time to choose cabinet members and get approval for those officials who need to be in place to assure seamless governance. While this process is important in a number of ways, it is crucial to national security.

President Trump doesn’t seem to care about any of that.

The much anticipated move to fire Mr. Krebs came in what many deem to be retaliation for the cybersecurity expert’s post-election determination that there was “no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

In addition to the former director of the Cybersecurity and Infrastructure Security Agency, a number of federal, state and local officials have also stated that the 2020 election was the most secure in our nation’s history.

“At this period of heightened risk for our nation, we do not have a single day to spare to begin the transition,” four former DHS secretaries Tom Ridge, Michael Chertoff, Janet Napolitano and Jeh Johnson stated. “For the good of the nation, we must start now.”

Taking their lead seemingly from President Trump’s twitter feed, conservative media have called into question the election results. Citing a report on One America News Network, Trump continues to make the false claim that Dominion Voting Systems caused 2.7 million votes to disappear, or, alternately, to switch them from Trump to Biden.

The only newsworthy account of an earnest attempt to make votes disappear, meanwhile, came to light when Georgia’s Republican Secretary of State Brad Raffensberger revealed that he has been pressured to change the outcome of Georgia’s vote, most notably by Sen. Lindsey Graham (R-S.C.).

As the president’s legal efforts to dispute the outcome of the election die the death of a thousand no’s, and the administrator of the General Services Administration refuses to allocate funds earmarked for President-elect Joe Biden’s transition, cybersecurity is, of course, not the only issue. America is imperiled in a number of ways.

The COVID-19 crisis is central, and for good reason. Hospitals throughout the nation are running out of ICU beds, and while Trump claims credit for vaccines he didn’t develop, new infections are rising unchecked. Climate change-related fires and extreme weather events are another pressing issue, and then there’s the renewed push for racial equality spurred by the death of George Floyd and many other people of color at the hands of the police. And all of this in no way diminishes the several geo-political power struggles underway that would normally be of strategic concern to the United States.

With so much going on, I fear Cyber Command and the NSA could get lost in the shuffle. These organizations are tasked with protecting critical information and outmaneuvering cyber enemies, as well as sharing cybersecurity best practices and adapting to new threats. Chief among their responsibilities: the identification and mitigation of vulnerabilities in cyberspace.

Beyond the unknowable threats posed by hostile states, there’s the fact that the president-elect’s website is insecure right now. According to FedScoop, new .gov federal executive branch domains have been automatically preloaded to a HTTP Strict Transport Security (HSTS) list since mid-2017, which in laymen’s terms means that .gov sites are more secure. President-elect Biden’s website cannot migrate from .com to .gov without getting a green light from the GSA.

In 2000, the U.S. had a transition crisis similar to the one we face now. While Florida recounted votes and America focused on hanging chads, some national security experts believe the seeds for the 9/11 attacks were planted — precisely during that interval of upheaval and inattention and the subsequent mad rush to get everything figured out and functional before Inauguration Day.

Unlike nature, hackers adore — rather than abhor — a vacuum.

Bad actors are constantly probing for vulnerabilities in the enemy’s cyber defenses, attacking when they find one.

It’s time to begin the transition for the sake of our national security.

Adam K. Levin is chairman and founder of CyberScout (formerly IDT911) and co-founder of Credit.com. He is a former director of the New Jersey Division of Consumer Affairs and is the author of Swiped: How to Protect Yourself In a World Full of Scammers, Phishers, and Identity Thieves.